Trustwave Blog

This past year was an eventful one for Trustwave – as it was for the entire information security industry. As data breaches rolled on, malware advanced and compliance requirements stiffened, Trustwave responded with updated products and services, stronger-than-ever intelligence and expertise, and unwavering curiosity.

You’re sitting around the holiday table – tired of hearing about Dad's new snowblower or the big-box store being built down the road – and you want to bravely steer the conversation to information security.

Dan Kaplan, who was most recently the award-winning executive editor of SC Magazine, will join Trustwave next week as manager of online content. He will be working to make the stories we share on this blog, social media and throughout our website more meaningful, compelling and valuable to you.

This week Trustwave security researchers uncovered a criminally controlled web server that contains nearly two million stolen account usernames and passwords for many popular sites, including Facebook, Twitter, LinkedIn, Google and Yahoo. Over the past few days, news outlets worldwide have reported on the discovery, and many people, including our customers, have questions about the malware, its impact and how they can protect themselves.

The PCI Security Standards Council has officially released the 3.0 version of the PCI DSS standard. Businesses have plenty of time to begin assessing their data security practices against these updated and new rules, but for many, this will require some work.

Humans spend a significant portion of their lives at work. I won’t burden you with the statistics because they might depress you, but let’s just say that between working and sleeping, it’s remarkable we find time for anything else.

We've got some great news to share! Trustwave recently received the “Network Access Control Solution of the Year” award at the 2013 Computing Security Awards ceremony, held at Hotel Russell in London.

Version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) is due to be published on Nov. 7. That may send shivers down your spine, but the reality is, as technology advances and threats evolve, payment security requirements need tweaking.

Organizations vary widely in shape, size and mission, whether they’re a mom-and-pop sandwich shop, a midsize law firm or a multibillion-dollar global bank – or anything in between. But organizations are the same in a lot of ways, too, especially when it comes to the ongoing security threats they face.

We believe in the value of security awareness training. A more security-savvy employee is one who is less likely to click on that suspicious email link or leave an unencrypted laptop containing sensitive data in their car overnight.

If you are a business that creates “smart” products – network-aware technologies that allow users to control things like locks on doors, lights, thermostats, surveillance cameras and other common devices from anywhere in the world – security cannot be an afterthought.

As we call a wrap on another busy conference season, I've had some time to think about a question I've recently heard from more than one person. Last month, news outlets far and wide reported on an entertaining presentation one of our researchers did on hacking home automation devices, including, funnily enough, Japanese “smart” toilets. It was a fun piece of vulnerability research, but the natural question that came from all of the publicity was what the heck does hacking a flushable bowl have to do with enterprise security?

Web applications are critical to business operations these days – serving as an important revenue channel and as a significant customer touch point. But what we don't know is that they bring a level of unexpected exposure – becoming the preferred attack vector for hackers.